Re: [PATCH V6 1/2] nvme: enable char device per namespace

From: Niklas Cassel <Niklas.Cassel@wdc.com>
To: "hch@lst.de" <hch@lst.de>
Cc: "Minwoo Im" <minwoo.im.dev@gmail.com>,
	"javier@javigon.com" <javier@javigon.com>,
	"linux-nvme@lists.infradead.org" <linux-nvme@lists.infradead.org>,
	"sagi@grimberg.me" <sagi@grimberg.me>,
	"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
	"kbusch@kernel.org" <kbusch@kernel.org>,
	"Javier González" <javier.gonz@samsung.com>
Subject: Re: [PATCH V6 1/2] nvme: enable char device per namespace
Date: Thu, 25 Mar 2021 08:39:40 +0000	[thread overview]
Message-ID: <YFxMSzjJMqdUiqxm@x1-carbon.lan> (raw)
In-Reply-To: <20210325082647.GA27622@lst.de>

On Thu, Mar 25, 2021 at 09:26:47AM +0100, hch@lst.de wrote:
> On Thu, Mar 25, 2021 at 11:09:51AM +0900, Minwoo Im wrote:
> > > I was still allowed to write to NSID2:
> > > 
> > > sudo nvme zns report-zones -d 1 /dev/nvme0n2
> > > SLBA: 0x0        WP: 0x1        Cap: 0x3e000    State: IMP_OPENED   Type: SEQWRITE_REQ   Attrs: 0x0
> > > 
> > > Should this really be allowed?
> > 
> > I think this should not be allowed at all.  Thanks for the testing!
> 
> It should not be allowed, but it seems like a pre-existing problem
> as nvme_user_cmd does not verify the nsid.
> 
> > > I was under the impression that Christoph's argument for implementing per
> > > namespace char devices, was that you should be able to do access control.
> > > Doesn't that mean that for the new char devices, we need to reject ioctls
> > > that specify a nvme_passthru_cmd.nsid != the NSID that the char device
> > > represents?
> > > 
> > > 
> > > Although, this is not really something new, as we already have the same
> > > behavior when it comes ioctls and the block devices. Perhaps we want to
> > > add the same verification there?
> > 
> > I think there should be verifications.
> 
> Yes.

Thanks Minwoo, Christoph,

I'll cook up a patch based on nvme/nvme-5.13.

Kind regards,
Niklas